Year 2000: smart strategies

The problem is that applications will fail when computers use two-digit date fields to
do ca

That impending ugliness is so predictable, you have to ask: How could the
programmers writing code 25 years ago not know?

The answer, of course, is they did know. But, given the rapid turnover of
technology, they reasonably thought users would retire the programs before the issue
arose.

And the six-digit date field saved space. "Remember, memory then cost about
$10,000 a megabyte as opposed to less than $1 a megabyte now," pointed out year 2000
consultant Gary Venner of Horizons Consulting, Reston, Va.

Whatever, the solution is straightforward: Fix the code.

Ideally, agencies would convert all mainframes, workstations, operating systems,
applications, databases, every satellite controller, telephone switch, global positioning
system and all the rest of their microprocessor-controlled devices to the four-digit year
representation that the National Institute of Standards and Technology recommended last
April.

Straightforward but big, SSA has 30 million lines of computer code that it must
examine for date fields, with a fix-and-test time estimate of 300 work years, according to
Sally Katzen, administrator of the Office of Management and Budget's Office of Information
and Regulatory Affairs. And, the IRS has 20 million such lines of code.

The Defense Department "has an inventory of thousands of systems and hundreds
of millions of lines of computer code," said Emmett Paige Jr., assistant secretary of
Defense for command, control, communications and intelligence.

Add the lines of code for 23 other agencies and, at costs estimated as high as $8
per LOC, a $30 billion price tag is possible.

The problem presents some unique characteristics, Katzen explained at a
congressional hearing last year.

First, the deadline is immovable. "Second, unlike a normal system development
or maintenance activity, many systems must be fixed concurrently," she said.

Third, "because computer systems interoperate and share data, the modified
systems must be tested together. Furthermore, all of these fixes must be made while the
current system continues to operate," Katzen said, likening it to "rebuilding a
rocket ship while it's on its way to the moon."

The closer that ship gets to the moon, the more valuable the engineers rebuilding it
become. Salaries for Cobol programmers are expected to double in the next two years.


"You just can't get your hands on enough people," said Bruce Whitman, year
2000 consultant with Trecom, a subsidiary of Amdahl Corp. in Jersey City, N.J. "We
have an executive vice president just for sourcing talent around the world. Right now,
he's interviewing programmers in Russia to come over here on green cards to
work."

There are other complications, such as the leap year question and the difficulties
raised by different calendars. Some applications take the date from the BIOS chip, some
take it from the operating system. Even the way the timekeeper is accessed can be a
problem.

Depending on assumptions made by a system's designer, other potential date traps lie
in wait, Katzen warned.

"Information relevant to a year could be found in a computer application by
using the year to find its relative location in a table," she explained. Thus,
"information about 1996 would be at the 96th location in a table. Such a technique
would fail in the year '00' because there is no 0th location."

The problem is not restricted to mainframes. With client-server systems, the
hardware and software are newer, and more likely can handle dates come 2000. But there
could be snags, even with updates from software makers.

"The biggest concern is user-written applications, databases and
spreadsheets," Hall said. "They're very hard to inventory and catch. A lot of
year 2000 teams are centralized and can't go to every PC to see what's on it."

Programs written in PC languages such as C++ are more likely to be OK compared to
those written in Cobol, Hall said. "But that's only as a function of age. A lot of
applications were built using legacy and mainframe code as a template."


The glitch list goes on, as feds at the CIA's recent year 2000 conference found. They
came in confident of a fix, the famous silver bullet.

One agency financial manager's experience was far from unique. "I asked our
tech staff if we were ready," he said, "and they said we're fine because they've
already changed our date fields to four digits.

"Then that colonel got up and was talking about interfaces, and I thought,
'What do you mean, interfaces?' Then I thought, 'Oh my God, we interface with
everybody!"

The sky is falling! The sky is falling!

Fricasee Chicken Little; the sky is not falling. This isn't new science, solutions
exist. There's nothing here that programmers can't fix, given both time and money. That,
of course, is the crux of the matter.

Arithmetic tells us time is short. Federal chief information officers wish they had
a nickel for every time they've heard the White House, Congress, OMB and every other
agency chief say, "There's no additional money for fixing year 2000 problems."
The Clinton budget aside, there's small hope of help here.

But that's not to say there is no help. The Year 2000 Interagency Committee,
established by OMB a year ago, "has been effective in raising awareness of the
problem, sharing expertise on ways to address the problem and in identifying impediments
that may slow technicians' fixing systems," Katzen said.

Kathleen Adams, the committee's chairwoman, is SSA's associate commissioner for
systems design and development. In 1989, Adams kicked off SSA's year 2000 work, which will
reach the testing stage next year.

Adams urged agencies to think beyond internal operations and include data exchanges
with other government systems.

Adams and the committee have strongly supported the NIST standard, warning that
without it, differences in code conversion techniques will make systems vulnerable to
errors when data is exchanged.

It will be "like getting a virus in your software," Adams said [GCN, April
15, 1996, Page 3].

The committee since has developed and posted on its World Wide Web site a
best-practices page, a vendor-compliance status list of products that agencies are using,
as well as contract and warranty language.

The page also lists the Federal Acquisition Regulation Council interim rule that
requires all agencies to make sure any commercial products they buy properly perform date
and time processing tasks after Dec. 31, 1999.

The Defense Information Systems Agency also has been actively developing resources
and making them available on its Web page. DISA accelerated its efforts last August when
Paige gave DOD systems managers until Dec. 31, 1996 to submit systems inventories and year
2000 compatibility cost estimates to the Defense Information Systems Tools list, DOD's
official system repository. Any systems not on the list, he said, would not be
funded.


More help and information is available from the federal CIO Council, headed by GSA's
chief information officer, Joe Thompson. There are resources, tools and consultants. Most
of all, there are other agencies.

If you're in the early days of your year 2000 efforts, SSA's Software Technology and
Engineering Center director, Judith Draper, has some free advice: "Blitz
it."

Draper led SSA's search for automated tools to help convert system code. "If I
were just starting today," she said at the CIA conference, "I'd want a dedicated
team with the highest, with the most absolute authority to do whatever needed to be done.
It's the only way it can be done."

The task is formidable in scope. "Bridges will have to be built between systems
as changes

Systems must be inventoried, assessed, analyzed and validated. That puts you at the
halfway mark: Jan. 1, 1998, ideally, but certainly no later than Jan. 1, 1999, to allow a
full year for testing and implementation.


Triage is crucial, said Carl Palmer, DISA's deputy chief information officer.
"There just isn't time to worry about every little dog-and-cat application," he
said.

To help managers make the tough triage decisions, Palmer developed a weighted
systems rating method based on system mission importance, impact of system collapse and
operational importance.

Users, not systems staff, rate system failure as having a high, medium or low
impact. Any system rated critical-fatal-fatal gets attention first [GCN, Dec. 9,
1996, Page 1].

Other agencies are using the Web to offer help. The Housing and Urban Development
Department's year 2000 budget estimate is on the Year 2000 Interagency Committee's home
page, as is the Health Care Financing Administration's how-to guide on building your own
estimate. SSA has posted an overview of its own conversion effort.


But the work doesn't stop at agency walls. Unique to federal year 2000 efforts is the
responsibility to protect public health and safety.

The Centers for Disease Control and Prevention, midway through its year 2000 effort,
offers up guidance on its Web site at http://www.cdc.gov/year2000.htm.


Public health information is "especially sensitive to and dependent upon dates
for epidemiological and health statistics," CDC points out.

If a primary-care provider informs the agency of "the death of an individual
who was born in year '00,' is this a case of infant mortality or a geriatric
case?"

Federal computer processing greatly affects the nation's economy, Mu'oz told a
House subcommittee last April. For instance:


An enormous task lies ahead. It's like the riddle: How do you eat an elephant? Answer:
One bite at a time.


inside gcn

  • IoT security

    A 'seal of approval' for IoT security?

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above